The following steps are required in order to run the Docker Compose setup.
If you didn’t create a Docker network for HoneyTrap just yet, create one now by executing the following command.
docker network create honeytrap
When working with the pre-built Docker Compose setup, it’s necessary to set up the following data infra.
mkdir -p /data/elasticsearch chown -R 1000:1000 /data/elasticsearch
Note: If you’re running MacOS, make sure to share
/data/elasticsearch in Docker preferences.
If Go is not installed yet, you can do so by following this guide.
In order to install the HoneyTrap application, execute the following commands.
$ mkdir /opt/honeytrap $ cd /opt/honeytrap/ $ export GOPATH=/opt/honeytrap $ export PATH=$PATH:/usr/local/go/bin/ $ go get github.com/honeytrap/honeytrap/ $ cd src/github.com/honeytrap/honeytrap/
Issue the following commands to download the configuration files. The former is the configuration file for setting up the HoneyTrap Sensor infrastructure, the latter is for configuring the HoneyTrap Sensor.
wget https://gist.githubusercontent.com/Coen-Schuijt/94a58b942e3d44c2221c1de2b7dfc543/raw/docker-compose-sensor.yml wget https://gist.githubusercontent.com/Coen-Schuijt/94a58b942e3d44c2221c1de2b7dfc543/raw/config-sensor.toml
Note: The interface name in the config.toml file has to be adjusted to the interface you want the HoneyTrap Sensor to listen on. The specific interface name may vary, based on the host operating system being used.
Note: If you are running Linux, you need to add the following line to /etc/sysctl.conf, and reload using
sysctl -p /etc/sysctl.conf:
vm.max_map_count = 262144
This will use the config-sensor.toml file in the current directory. This will use the custom network stack to capture the first packet after the handshake has been completed. If you want to store data into Elasticsearch and analyze with Kibana, it will be easiest to use the Docker Compose script.